Implement E-Mail Domain Whitelist for Registration

[AliceWi]

Rationale / Begründung

User registrations can come from any email domain, which may lead to spam accounts, security risks, or unwanted users in the system. Implementing an email domain whitelist restricts user registrations to approved domains only, for example university or institute domains.

Affected

Users, Admins

Minimal functionality

• Allow the specification of a list of allowed email domains in the settings.
• The feature should be optional; if no domains are provided, RDMO should accept registrations from any domain.

Nice-to-have functionality

References / Verweise

[jochenklar]

Hi @AliceWi , thanks for the idea. This should not be to hard to implement.

[afuetterer]

A custom EmailValidator with an allowlist?

Ref: https://docs.djangoproject.com/en/4.2/ref/validators/#django.core.validators.EmailValidator.allowlist

[jochenklar]

I think it needs to be implemented here: https://github.com/rdmorganiser/rdmo/blob/main/rdmo/accounts/adapter.py#L14. The adapter hooks into allauth signup process. I think we just need to implement clean_email https://github.com/pennersr/django-allauth/blob/main/allauth/account/adapter.py#L346.